Snort mailing list archives

Snortsam / Portscanning Detection


From: Tuomas Groves <tjgroves () comcast net>
Date: Mon, 29 Dec 2003 11:45:39 -0800

Hey everyone,

I was going to try to get our PIX firewall set up with snort / snortsam and I had a question. We are interested in having the firewall block the offending IP address when we receive a portscan, but I could not figure out where we should place the "fwsam: src, 5 minutes;" entry, because in snort 2.1.0 (I do not know about previous versions) the portscanning detection is a preprocessor. If I set the "output-mode" to "pktkludge" I can see it in the alerts database and everything, but as I said, I have no idea how to set a different output plug-in for this. That is, if it can even currently be done. Any help would be greatly appreciated.

  Tuomas Groves


